RdSwQ.exe

First submission 2022-08-02 20:30:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 136.0 KB (139264 bytes)
Compile time: 2022-07-26 15:17:49
MD5: 6862264bbd7688ac4bd96f16786cd153
SHA1: 8fd23a996f8b78914f9969cb3c31be7ffd02e346
SHA256: 701ef63a3a8c4f2eb90d64cd897e0098460e1272a54404b90ab794a685b98ffc
Import Hash: 4f7271df0bf201cf627af3103fba2c2e
Sections 3 .text .data .rsrc
Directories 2 import resource
Virus Total: 38/71 VT report date: 2022-08-02 17:47:23

File features detected

Only the names of the six feature flags survived on this page; their yes/no values were not captured. What the rest of the report does establish: the file type line says it is an executable, not a DLL, and its two data directories (import, resource) include no security directory, so it carries no Authenticode signature.

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://109.206.241.81/htdocs/RdSwQ.exe 109.206.241.81 2022-08-02 20:30:02

This is the download URL for the sample: a bare IP with no hostname, serving the file from an /htdocs/ path under the same name it was submitted with.

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1e4c0 126976 20045349b2dd96ffdc02ff418b65033400e4c977 7db9b859c8c74a9df2e24e10ed198fce
.data 0x20000 0xbd4 4096 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x21000 0x9ec 4096 ce291e0c8941b05388f65f2a30b5b0aa75c09835 739956d4fc24a96de9f42a5a31c4c312
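The file hashes, compile time, DLL flag and per-section hashes above all come straight from the PE headers and can be reproduced without a sandbox. The script below is an added example for this page, not the analysis platform's code: it parses the COFF header and section table with the standard library, hashes each section's raw bytes, and applies a few section heuristics of the kind behind a "Suspicious" column (the thresholds are ours). The image it parses is constructed by build_sample_pe() for the demo; it is not RdSwQ.exe, it only mirrors that file's .text/.data/.rsrc layout and 4 KiB alignment, and the report's compile time is read as UTC.

```python
"""Re-derive file hashes, compile time, the DLL flag and per-section
hashes/entropy from raw PE bytes. Added example; the PE image built by
build_sample_pe() is constructed for the demo and is not RdSwQ.exe."""
import hashlib
import math
import struct
from datetime import datetime, timezone

COFF_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_FILE_DLL = 0x2000                      # Characteristics bit behind "Is DLL"
OPT_HDR_SIZE = 224                           # PE32 optional header size
FILE_ALIGN = 0x1000                          # the report's raw sizes are 4 KiB multiples
STANDARD_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata", ".bss", ".tls"}

def _align(n, a=FILE_ALIGN):
    return (n + a - 1) // a * a

def build_sample_pe(sections, timestamp):
    """Constructed PE32 image: DOS header, PE signature, COFF header, a mostly
    zeroed optional header, the section table, then the raw section data.
    sections: list of (name, virtual_address, virtual_size, data)."""
    hdr_len = 0x40 + 4 + COFF_HDR.size + OPT_HDR_SIZE + len(sections) * SECTION_HDR.size
    raw_ptr = _align(hdr_len)
    table, bodies = [], []
    for name, vaddr, vsize, data in sections:
        raw_size = _align(len(data))
        table.append(SECTION_HDR.pack(name.ljust(8, b"\0"), vsize, vaddr, raw_size,
                                      raw_ptr if raw_size else 0, 0, 0, 0, 0, 0x60000020))
        bodies.append(data.ljust(raw_size, b"\0"))
        raw_ptr += raw_size
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew at 0x3C
    coff = COFF_HDR.pack(0x014C, len(sections), timestamp, 0, 0, OPT_HDR_SIZE, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(OPT_HDR_SIZE, b"\0")  # PE32 magic, rest zero
    image = dos + b"PE\0\0" + coff + opt + b"".join(table)
    return image.ljust(_align(hdr_len), b"\0") + b"".join(bodies)

def shannon_entropy(data):
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def section_flags(name, vsize, raw_size, entropy):
    """Cheap heuristics behind a 'suspicious' column; thresholds are our choice."""
    flags = []
    if raw_size == 0 and vsize > 0:
        flags.append("no raw data (section is filled at runtime)")
    if raw_size and vsize > 2 * raw_size:
        flags.append("virtual size far exceeds raw size")
    if entropy > 7.0:
        flags.append("high entropy (packed or encrypted)")
    if name not in STANDARD_NAMES:
        flags.append("non-standard section name")
    return flags

def parse_pe(buf):
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, nsec, ts, _, _, opt_size, chars = COFF_HDR.unpack_from(buf, e_lfanew + 4)
    table_off = e_lfanew + 4 + COFF_HDR.size + opt_size   # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, raw_size, raw_ptr, *_ = SECTION_HDR.unpack_from(
            buf, table_off + i * SECTION_HDR.size)
        raw = buf[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        name_s = name.rstrip(b"\0").decode("ascii", "replace")
        ent = shannon_entropy(raw)
        sections.append({
            "name": name_s, "vaddr": vaddr, "vsize": vsize, "raw_size": raw_size,
            "sha1": hashlib.sha1(raw).hexdigest(), "md5": hashlib.md5(raw).hexdigest(),
            "entropy": round(ent, 2), "flags": section_flags(name_s, vsize, raw_size, ent),
        })
    return {
        "md5": hashlib.md5(buf).hexdigest(),
        "sha1": hashlib.sha1(buf).hexdigest(),
        "sha256": hashlib.sha256(buf).hexdigest(),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "compile_time": datetime.fromtimestamp(ts, timezone.utc),
        "sections": sections,
        "suspicious": sum(1 for s in sections if s["flags"]),
    }

# Constructed demo input: the report's compile time (read as UTC) and three
# sections laid out like RdSwQ.exe's, with made-up contents.
SAMPLE_TIMESTAMP = int(datetime(2022, 7, 26, 15, 17, 49, tzinfo=timezone.utc).timestamp())
SAMPLE_SECTIONS = [
    (b".text", 0x1000, 0x300, b"\x55\x8b\xec" * 0x100),
    (b".data", 0x2000, 0x40, b"constructed data section".ljust(0x40, b"\0")),
    (b".rsrc", 0x3000, 0x20, b"constructed resource blob"),
]

if __name__ == "__main__":
    info = parse_pe(build_sample_pe(SAMPLE_SECTIONS, SAMPLE_TIMESTAMP))
    print(info["sha256"], info["compile_time"], "DLL" if info["is_dll"] else "EXE")
    for s in info["sections"]:
        print(f'{s["name"]:8} 0x{s["vaddr"]:x} 0x{s["vsize"]:x} {s["raw_size"]} '
              f'{s["sha1"]} {s["md5"]} {s["entropy"]} {s["flags"]}')
```

Run against the real file, parse_pe(open(path, "rb").read()) should return the section SHA1/MD5 values in the table above byte for byte, since they are hashes of the raw section data; a mismatch means the file on disk is not the one the report describes. The heuristics deliberately flag a section with no raw data but a non-zero virtual size, which is what an unpacking stub leaves behind, and an entropy above 7.0, which this sample's sections do not show.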

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x214ac 296
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x2147c 48
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x21150 812

Meta infos 11

FileDescription: indoctrination
OriginalFilename: diaglyptic.exe
LegalCopyright: fireball 12
Translation: 0x0409 0x04b0
InternalName: diaglyptic
Comments: misinference
LegalTrademarks: gesneriaceous
FileVersion: 1.02.0003
ProductName: abacli
ProductVersion: 1.02.0003
CompanyName: firebreaks

Every text field in the version resource is an unrelated dictionary word (diaglyptic, gesneriaceous, misinference, firebreaks); the metadata carries no real product identity and is useful as a hunting pivot, not as attribution.

Packers detected 2

Microsoft Visual Basic v5.0
Microsoft Visual Basic v5.0 - v6.0

Both signatures identify the compiler and its runtime (consistent with the MSVBVM60.DLL and VBA6.DLL library strings below), not a packer; the section table above reports 0 suspicious sections.

Strings analysis - Files found

Compressed:
\CryptoWallets.zip
\Files.zip

Autogen:
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB

Library:
KERNEL32.dll
MSVBVM60.DLL
WININET.dll
SHELL32.dll
VBA6.DLL

The VB6.OLB path is the type-library reference the VB6 compiler writes into every build; WININET.dll supplies HTTP client calls, which fits the Telegram endpoint listed under Possible URLs.

Strings analysis - Possible URLs found 1

https://api.telegram.org/bot

The string stops at the /bot prefix of the Telegram Bot API, so the bot token and method name are appended at runtime rather than stored as one string. Together with the CryptoWallets.zip and Files.zip names above, this is consistent with a stealer that archives harvested files and posts them to a Telegram bot.
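The strings the report pulls out are enough to build a first-pass triage that a hunter can run over any new sample from the same campaign. The script below is an added example for this page, not the platform's code: it extracts ASCII and UTF-16LE strings (VB6 binaries keep many strings as wide characters), counts the indicators listed above, pulls URLs, looks for an embedded Telegram bot token, and turns the combination into a one-line assessment. The tag names, the thresholds, the token pattern (the secret length is an assumption, so it is kept loose) and the SAMPLE buffer are all constructed for the demo.

```python
"""String-level triage for the indicators surfaced in this report. Added
example, not the platform's code; tags, thresholds and SAMPLE are constructed."""
import hashlib
import re

# Strings taken from this report's Strings analysis / Possible URLs sections.
IOC_STRINGS = {
    "telegram_bot_api": b"https://api.telegram.org/bot",
    "wallet_archive": b"\\CryptoWallets.zip",
    "files_archive": b"\\Files.zip",
    "vb6_runtime": b"MSVBVM60.DLL",
    "vb6_build_path": b"\\VB98\\VB6.OLB",
    "wininet": b"WININET.dll",
}
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")   # VB6 stores many strings as UTF-16LE
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")
# Telegram bot tokens are "<numeric bot id>:<secret>"; the secret length is an
# assumption here, so the pattern is deliberately loose.
TOKEN_RE = re.compile(rb"\d{7,12}:[A-Za-z0-9_-]{30,}")

def extract_strings(buf):
    """ASCII and UTF-16LE runs of 6+ printable chars, all returned as bytes."""
    ascii_runs = [m.group() for m in ASCII_RUN.finditer(buf)]
    wide_runs = [m.group().decode("utf-16-le").encode("ascii") for m in WIDE_RUN.finditer(buf)]
    return ascii_runs + wide_runs

def find_iocs(strings):
    """IOC tag -> number of extracted strings containing it (case-insensitive)."""
    hits = {}
    for tag, needle in IOC_STRINGS.items():
        n = sum(1 for s in strings if needle.lower() in s.lower())
        if n:
            hits[tag] = n
    return hits

def find_urls(strings):
    return [m.group().decode("ascii") for s in strings for m in URL_RE.finditer(s)]

def find_bot_tokens(strings):
    """Token-shaped substrings: a hit means the bot credential is embedded rather
    than assembled at runtime, and identifies the operator's channel."""
    return [m.group().decode("ascii") for s in strings for m in TOKEN_RE.finditer(s)]

def assess(iocs):
    exfil = "telegram_bot_api" in iocs
    staging = sorted({"wallet_archive", "files_archive"} & set(iocs))
    if exfil and staging:
        return "likely stealer: stages archives (%s) and uses the Telegram Bot API" % ", ".join(staging)
    if exfil:
        return "Telegram Bot API prefix present; look for a token built at runtime"
    if staging:
        return "archive staging names present; no exfiltration channel matched"
    return "none of this report's indicators matched"

def triage(buf):
    strings = extract_strings(buf)
    iocs = find_iocs(strings)
    return {
        "md5": hashlib.md5(buf).hexdigest(),
        "sha1": hashlib.sha1(buf).hexdigest(),
        "sha256": hashlib.sha256(buf).hexdigest(),
        "iocs": iocs,
        "urls": find_urls(strings),
        "bot_tokens": find_bot_tokens(strings),
        "assessment": assess(iocs),
    }

# Constructed stand-in for a binary: a few ASCII strings and two UTF-16LE ones.
# The double NUL after the OLB path keeps the wide-string scan from gluing the
# last ASCII byte onto the wide run that follows it.
SAMPLE = (
    b"MZ" + b"\x00" * 62
    + b"MSVBVM60.DLL\x00WININET.dll\x00"
    + b"C:\\Program Files (x86)\\Microsoft Visual Studio\\VB98\\VB6.OLB\x00\x00"
    + "https://api.telegram.org/bot".encode("utf-16-le") + b"\x00\x00"
    + "\\CryptoWallets.zip".encode("utf-16-le") + b"\x00\x00"
    + b"\\Files.zip\x00ab\x00"
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Feed triage() the bytes of a real file to get the same fields; the assessment only fires on the combination of a staging archive name and the Telegram prefix, so a VB6 binary that merely links WININET does not trip it. If find_bot_tokens() ever returns a hit on a sibling sample, that token is the pivot to the operator's chat, which the runtime-assembled prefix seen here deliberately withholds.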

Related samples 6

Listed by file name, last-seen date and MD5. Imported API names are not given in this report; the Import Hash above is the only import-level identifier, and the random five-letter .exe names follow the same pattern as RdSwQ.exe.

Name Latest seen MD5
xPBAQ.exe 2022-07-06 18:26:01 c7468437984c0dbc9da355e31bc153e7
jHRLw.exe 2022-07-26 20:58:02 bee47439c4960e2728594ece9ad95ba7
NqHNP.exe 2022-07-27 23:06:02 d7b1362070332023e5163fc54bc9decc
LqAST.exe 2022-07-28 14:26:02 a64c16946bf03bfa2c52aba4dd0b55cc
JaYSN.exe 2022-08-02 20:38:02 a3c20b8c564076ca4e520a99c6cd1764
GsLQA.exe 2022-08-02 20:53:02 97ea1fd26da454e1502d7f4de38a21af